Insights from BCC Research

Pharma Thinks Beyond the Pill: Connected Devices are a Smart Strategy

MedCrypt, a medical device software security company, just announced the closing of $750,000 in seed round financing. With patient data increasingly at risk, the FDA has called for device manufacturers to strengthen their software security. This mandate creates big opportunities for companies like MedCrypt, which works with manufacturers to prevent unauthorized access and use of their medical devices. The worst-case scenario was illustrated in MedCrypt’s press release.

“The increased use of, and dependency on, connected devices at hospitals and health systems has revealed security risks and vulnerabilities, consequently putting patient safety at risk,” said Mike Kijewski, co-founder and CEO of MedCrypt. “While it’s distressing to think about a hacker remotely disabling a medical device, it’s far more unnerving to consider a hacker silently taking over a device and sending it malicious instructions, resulting in a patient’s injury or worse, death.”

Connected devices are a huge focus, with the pharma industry increasingly strengthening its ties with the tech sector. The newest tie-up involves Verily, the life sciences unit of Google parent Alphabet Inc., and Sanofi. The companies are investing roughly $500 million to form a joint venture that will combine devices with services to improve diabetes care. Called Onduo, it will leverage Verily’s experience in miniaturized electronics, analytics, and consumer software development, with Sanofi’s clinical expertise and experience with successful development of diabetes treatments. A spokeswoman for Sanofi said products on sale would include connected objects such as insulin pens and online services.

Verily is also developing a smart contact lens in partnership with Novartis. Tiny sensors and microchips would be embedded in the lens. The device could provide diabetic users with measurements of their glucose levels by gauging their tear fluid and then transmitting the data wirelessly to a smartphone.

Data theft is a serious enough problem. Equally alarming is the ability to hijack medical devices connected to the Internet, such as MRI scanners and cardiology equipment like defibrillators. A security expert with the Kaspersky Lab Global Research and Analysis Team conducted field research at a private clinic in an attempt to explore its security weaknesses. The unnamed researcher found a way that could give cybercriminals access to personal patient data, including their clinical history, medical information, addresses, and identification details. In addition, cybercriminals could alter the way a medical device works and cause physical damage to patients. They could also potentially damage the device itself, at significant cost to the hospital. (Read more from Daily Mail.)

As companies struggle to mitigate the impact of their medicines going off patent, it is likely that strategic moves such as those described above will continue. PwC’s Health Research Institute said in a recent report, “Drug companies are looking beyond traditional M&A by acquiring ‘beyond-the-pill’ products and services to bolster their portfolios and pipelines.”

Makers of inhalers to treat conditions such as asthma and chronic lung disease are vying to develop a new generation of smart devices that are linked wirelessly to the cloud. These connected inhalers will be able to track the number of puffs taken, among other things, and the data can be shared with patients and their healthcare providers. Drug makers have linked up with technology firms for the connectivity piece. Wireless technology company Qualcomm is working with Boehringer Ingelheim to develop a secure, Internet-connected inhaler to ensure that patients with chronic obstructive pulmonary disease (COPD) take their medicine properly.

Qualcomm is also collaborating to develop the next generation of Novartis’ Breezhaler, which is used with each of the medicines in its COPD portfolio. The new product will be able to record information, including the time the inhaler is used, which will then be sent wirelessly to patients’ smartphones and to the cloud. GlaxoSmithKline has teamed up with Propeller Health to create a customized sensor for the Ellipta inhaler that will automatically collect and record data on the date and time of each use of the device. The sensor will be used in clinical studies in asthma and COPD, sending that data directly to GlaxoSmithKline’s investigators for analysis.

This trend toward smart patient-monitoring devices and systems makes the protection of patients and their health data paramount. More and more, doctors do not necessarily need to be “bedside.” One recent survey by Aeris found that the vast majority of healthcare professionals (84% of respondents) believe that technological innovations have finally evolved enough to produce devices that deliver similar outcomes for patients who receive treatment instructions virtually and those treated in-person.

Ongoing partnerships between medical device manufacturers and IT security companies are critical—not only to patient safety, but to ensure secure communications among clinicians, patients, and their connected medical devices.